CompTIA Security Plus Mock Test Q780

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A. Develop a set of standards
B. Separation of duties
C. Develop a privacy policy
D. User training


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when an element of the company policy cannot be enforced by technical means.

Incorrect Answers:
A: Standards are derived from policies and should provide the detail required to audit a system and ensure that the standard is being met. It does not help enforce a policy.
B: Separation of duties is the division of administrative tasks and their assignment to different administrators. This ensures that no one user has complete access or power over an entire network, server, or system. The separation of duties can be enforced by technical means.
C: A privacy policy describes the controls required to maintain data privacy within a system. This is an example of a policy; it does not help enforce a policy.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 21, 24, 153, 399-402
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 82, 112